RU2269156C2 - Method and device for rule notification - Google Patents

Abstract

FIELD: method and system for data exchange for facilitating upholding of laws and standards on information transfers and confidentiality of individuals.

SUBSTANCE: method includes stages: transferring from system to user computer a notification, that object confirmed agreement to sanctioned confidentiality and data protection rules; receipt by system of confirmation of individual of receipt of object by server or confirmation, that object will receive and use personal data in accordance to laws active in the country where individual or object is located; transferring by system to server of data object about agreement of individual to aforementioned receipt; receipt of data object from server, containing personal data of individual; periodical check of agreement of object.

EFFECT: improved reliability of information exchanges.

2 cl, 15 dwg

Description

Technical field

The present invention is directed to data exchange or data transmission based on the network and, more specifically, data exchange or data transmission based on the Internet between companies and consumers located in different regions or countries.

State of the art

Over the past few years, consumers, employers, the press, and government officials have begun to focus more on how to use, collect, and distribute personal information about individuals. In the United States, the Federal Trade Commission (FTC) took the lead on this issue in 1997 when it began holding hearings on how the search industry used personal information. These hearings focused on major information companies in the United States (Lexis-Nexis, Trans Union, Equifax, Acxiom and CDB Infotek) and several other credit bureaus and information companies. As a result of the hearings, the FTC convinced information companies that they should establish self-regulatory procedures. These key information companies have formed the IRSG (Individual Inquiries Services Group - GSSOL), which maintains the website http://www.irsg.org.

Following the IRSG's efforts, the formation of the Online Privacy Alliance (http://www.privacvalliance.org), Trust-e (http://www.truste.org), and the Better Business Bureau Online (Operational Bureau of Effective Business) ) (http://www.bbbonlme.org) and other similar organizations. All were founded by commercial firms as an attempt to reflect new privacy laws. All of them, to some extent, were run by the same commercial firms that were supposed to be controlled. And they all sought to use a passive approach to regulating privacy on the Internet.

Most of these organizations charge a nominal membership fee. Most of them have operational profiles, which they propose to fill out for commercial firms. However, these organizations do not support any continuous, regular supervision of the commercial firms that they must control. And most importantly, they set the minimum standards for protecting confidentiality compared to the standards adopted by the 40 most developed countries, including the majority of members of the Organization for Economic Co-operation and Development (OECD) and the European Union (EU).

The European Union includes about 15 member countries (there are 8 more countries awaiting EU membership), including those countries that make up most of Western Europe. The EU currently has approximately 365 million permanent residents. In total, there are about 40 countries that pass confidentiality laws designed to meet EU standards. This means that there are about one billion citizens in countries that pass EU privacy laws.

The EU privacy laws are based on the Data Confidentiality Directive (in force since October 1998). According to the EU directive on data confidentiality for a country that does not provide “adequate protection” in order to guarantee confidentiality for its citizens, all data flows from the EU can be marked. For example, it is believed that the United States does not provide adequate protection. Although certain procedures have been adopted, US companies and / or Internet companies will not be able to process any personal data on individuals who are permanent residents of the European Union or any of other countries that have adopted the same type of procedures as the EU. An Internet company in the USA, for example, could not receive personal information from an EU citizen to send goods to this consumer in the EU. An American corporation, with its headquarters in the United States, could not send personal information to the United States to decide on staffing, etc.

The possibility of reducing the flow of data between the USA and Europe can cause losses of about $ 1 trillion per year in providing information and services between the USA and Europe. To avoid such losses, the US and the EU have entered into a Save Harbor agreement, which allows US companies to certify that they will comply with the EU Data Privacy Directive without having to register and follow the bureaucratic procedures established by the EU Directive.

The US and the EU notified the Silent Harbor on December 15, 1999. Silent Harbor is not a way for US companies to evade the EU Data Privacy Directive, but rather a way for the US to avoid aligning with the bureaucratic procedures required by the Directive. In short, US companies will be able to independently certify that they will comply with the requirements of the Data Privacy Directive. This may still be contested later, but self-certification means the presumption of compliance with the US company requirements.

The principles of the Data Confidentiality Directive require that personal data be processed fairly and lawfully. This requirement has several components. The most important component for these purposes is that the individual must explicitly consent to the processing of the individual’s personal information. "Consent" is defined as "... some voluntarily given specific and communicated indication of his desire, with the help of which the data subject expresses his agreement to the processing of personal data relating to him." Another important requirement is that "personal data should not be transferred to a country or territory outside the European Economic Area unless that country or territory guarantees an adequate level of protection for the rights and freedoms of data subjects with regard to the processing of personal data."

The directive establishes a number of rights for individuals regarding personal data about them stored by others. Briefly, these rights include the following: (1) the right to access data; (2) the right to obstruct processing, which is likely to cause damage and distress; (3) the right to obstruct processing for direct marketing; (4) the right to know certain information about automated decision making; (5) the right to take action to compensate for damage; and (6) the right to take action to correct, block the erasure and destruction of inaccurate data.

Most privacy authorization programs are funded and implemented by supervised companies. This casts doubt on the reliability and impartiality of such programs. In fact, in two widely publicized breaches of confidentiality by their member companies, one organization refused to intervene because of the relationship the member companies had with the organization. A recent joint project by the Information Bureau and the Ontario Commissioner for Confidentiality and the Commissioner for Australia’s Federal Confidentiality Commission noted numerous inconsistencies in modern certification programs.

SUMMARY OF THE INVENTION

A preferred embodiment of the present invention provides a method for promoting consistency with data protection and confidentiality laws and regulations relating to privacy rights for individuals. The method includes the following steps: (1) informing the individual involved in the potential disclosure of his / her personal data for a certain object that this object has certified its compliance with the authorized actions for confidentiality and data protection, which are consistent with relevant laws and regulations on data protection and confidentiality, covering the use of personal data in at least the country of residence of the individual or the said facility; (2) obtaining the consent of an individual to accept the object or confirm that the object will receive and use the personal data of the person in accordance with established rules or with relevant laws and regulations on data protection and confidentiality, covering the use of personal data at least in the host country of this person or object referred to; (3) transmitting to the object data indicating that the said person is informed about the confidentiality actions of the said object and in accordance with the acceptance by this object (or confirmed acceptance by the object) and the use of the person’s personal data in accordance with established rules or with relevant laws and regulations on data protection and confidentiality, covering the use of personal data in at least the country of residence of the person or object referred to; (4) receiving from the object data containing personal data received by the object from the said person; (5) the storage of said personal data received from the facility; and (6) periodically checking whether an object complies with established rules or relevant laws and regulations for data protection and confidentiality, covering the use of personal data at least in the country of residence of the person or said object. The method also preferably includes the step of informing the said person that the object is protected by insurance or an equivalent risk protection tool to provide protection against the risk of loss and damage caused to the said person arising from improper use or loss of personal data of the person by the said object.

Preferably, data indicating that the person has agreed to accept the object (or has confirmed acceptance by the object) and the use of personal data of the person contains data that uniquely identifies details related to the consent or confirmation of the person (for example, consumer IP address, language identification, country identification, end period) and compressible using a hash function.

When an object transmits personal data received by the object from the person mentioned back to the system operator implementing the preferred method, these transmitted data preferably include data transmitted to the object by the system operator, uniquely identifying details related to the consent or (confirmation) of the person. The preferred method can be performed with many objects and with persons located in the same country, or with many objects and persons located in many countries.

A preferred embodiment of the present invention also provides a system that includes a Web application on an Internet server on a system Web site that receives a redirected URL (universal resource locator) from a set member Web site, and displays a policy notification via the Internet to a redirected user to the system Web site after accessing the member’s join page. The notice of rules provided is preferably associated with displays consisting of privacy laws and insurance policies that apply in the consumer’s host country, as well as with an agreement provided by the participant who agrees to protect the personal information of the consumer in accordance with the privacy laws of the consumer’s host country. In an alternative embodiment, the agreement provided by the participant agreeing to protect the personal information of the consumer is in accordance with the privacy laws of the member's host country.

The consumer reads the agreement and agrees or does not agree to provide his personal information. In the present description, the “agreement” may also contain confirmation that the participant will accept consumer information. In this description, the terms “agree” or “accept” should be understood as covering the case where the concept of “confirm” is more accurate. If the consumer agrees, then he presses the "agree" button (or otherwise indicates acceptance (or confirmation), as is known in the art); if the consumer does not agree, he clicks the "refuse" button (or otherwise indicates the desire to reject the agreement). The results are returned from the system Web site to the member’s Web site in the form of a hash code that preferably contains data indicating that the consumer has accepted or rejected the agreement, as well as information such as the date / time stamp and consumer IP address. If the consumer clicks the “agree” button, the participant’s website will present a form requesting personal information. When the consumer submits this completed form to the member’s website, one copy of this information is sent to the system website, and another copy is transferred to the member’s database for further processing. The hash code is also sent back to the system Web site for future use in connection with audit or dispute resolution procedures.

The privacy notice is preferably based on an audit carried out by independent organizations (such as PriceWaterhouseCoopers), which are approved by the operator in the preferred embodiment of the system. Independent organizations certify to the system operator that the approved privacy standards are met. Organizations provide the system operator with information sufficient to determine how to collect and use personal information. However, in an alternative implementation, the confidentiality notice is based solely or mainly on information provided by the participant.

Preferably, the system operator provides an independent organization with a template for providing the system operator with information intended for use in privacy notices. After the template is completed, the system provides a privacy notice to individual consumers. The confidentiality notice is presented for the first time when the consumer requests to submit personal information to the member’s website (at this stage no personal information is collected on the member’s website). When a consumer receives a URL on a site that would not normally collect such personal information, the preferred system presents this page to a consumer who has been redirected to the website of the preferred system. The page includes a privacy notice and information on how the system works.

The servers used in the preferred embodiment of the system maintain an audit trail for each company, showing which privacy notices were provided and what information was collected. The database keeps track of how long personal information will be maintained by each company. The operator of the preferred system option notifies the company and the consumer when such a period of time ends, and asks the company to confirm that personal information is either deleted or processed in accordance with the wishes of the individual consumer. An audit trail can be used in the event of a dispute between participating firms and consumers.

An important distinguishing feature of the preferred embodiment of the present invention from other systems is the provision of insurance. The participating consumer is preferably offered an insurance policy (for example, $ 100,000), which can be used in case of actual damages suffered by the consumer due to misuse or loss of consumer personal information by the participating company. The policy preferably allows the consumer to initiate proceedings on the spot and recover damages from the participating company, regardless of the location of such a company.

The insurance program is designed to ensure that the participating company will work with the insurance company to resolve disputes. If the disputes are not resolved and if the claims are paid, then the company will have to pay compensation to the insurance company for the intentional violation of confidentiality rights.

The preferred version of the system contains a component that is regularly reviewed by participating companies to ensure that they are consistent with established privacy rules. The audit is preferably supported by arbitrary inspections by audit firms. For companies that violate their privacy rules and / or are unable to correct their deficiencies, notice of the rules may be canceled. If they use the notice of rules in case of violation of the rules of the system, enforcement actions are applied against the company. Relevant regulatory authorities may be notified of violations and may use audit trail information to support appropriate action against the company-offender (see FIG. 5).

Therefore, the preferred embodiment provides both parties to the electronic business transaction with monetary justification to protect confidentiality. Consumers have independent confirmation that the company with which they are conducting a transaction is legal and will use personal data appropriately. If there are violations, the consumer can apply to the insurance policy. The participating companies have consumers who trust them to use the information appropriately and can engage in commercial activities within the European Union and other countries.

Brief Description of the Drawings

1A is a system diagram depicting the main hardware components of a system according to a preferred embodiment of the present invention.

1B is a flowchart illustrating the steps of a method according to a preferred embodiment of the present invention.

2 is a preferred embodiment of a rule notification web page.

3 is a process diagram for a preferred embodiment.

4 is an application diagram for a preferred embodiment.

5 is a business diagram for a preferred embodiment.

6 is a block diagram of a preferred embodiment.

FIG. 7A, FIG. 7B, and FIG. 7C are design class diagrams for a preferred embodiment.

8A and 8B are a database design diagram for a preferred embodiment.

Detailed Description of Preferred Embodiments

A preferred embodiment of the present invention comprises a computer system that has at least the following components (see FIG. 1A): the system server 10 is connected to the system database 15. The system server 10 is also connected to the computer network 20 and connected to the computer network 20 member server 25, member server 25 is connected to the member database 30. Member server 25 is also connected via a computer network to a consumer’s personal computer (PC) 40. In a preferred embodiment, networks 25 and 35 are essentially the same network — the Internet.

A preferred embodiment of the present invention further comprises a Web application on an Internet server 10 in a system Web site that receives a redirected URL (universal resource locator) from an installed server of the member Web site 25 and displays a policy notification via Internet 35 to a consumer via a consumer PC 40, which is redirected to the system Web site. The notice of rules presented is preferably associated with displays consisting of privacy laws and insurance policies that apply in the consumer’s country of residence, as well as with an agreement submitted by the participant agreeing to protect personal information of the consumer in accordance with the privacy laws of the consumer’s country of residence. The consumer reads the agreement and agrees or does not agree to provide his personal information (or confirms that the participant will receive his personal information; for clarity of explanation, the description below does not focus on this, as it is clear to those skilled in the art where the term "confirm" can used as an alternative to the terms “accept” or “agree”). If the consumer agrees, then he presses the "agree" button (or otherwise shows consent, as is known in the art); if the consumer does not agree, he presses the "refuse" button. The results are returned from the system server 10 of the Web site to the server 25 of the Web site of the participant in the form of a hash code. If the consumer has clicked the “agree” button, the participant’s Web server 25 submits a form requesting personal information. When the consumer submits this completed form to the member’s Web server 25, one copy of the information is sent to the system Web server 10, and another copy is transferred to the member’s database 30 for further processing. Also, the hash code is sent back to the system Web server 10 and database 15 for further tracking.

A hash code is a composite key that the system Web server uses to track what information has been presented and agreed upon. This key preferably contains at least the following information: (1) member data; (2) date and time; (3) a link to the notice of the rules; and (4) consumer IP address.

FIG. 1B illustrates the steps of a preferred embodiment of the method of the present invention. At step 105, the consumer accesses the member’s affiliate page (a Web site page that enables the consumer to register or use the member’s services in another way). At step 115, the consumer is redirected to the Web site and server 10 of the preferred embodiment of the system. The member web server 25 sends the member ID and consumer IP address to the system web server 10 (see process diagram of FIG. 3, step (a)).

At step 120, a rule notification agreement is transmitted to the consumer that is specific to the country of residence of the participant and consumer (as determined using the consumer URL). The rule notification agreement preferably contains information regarding the rules adopted by the participant regarding the collection and use of personally identifiable information (FDI). In a preferred embodiment, the consumer is first given a summary page of the confidentiality rules (see pages 4, 5), which summarizes the terms of the agreement. The consumer can then turn to additional details or complete the work with the privacy rules by clicking on the appropriate links on the summary page of the privacy rules.

If the consumer accepts the terms of the agreement, the consumer preferably clicks the "agree" button (or otherwise shows consent (or confirmation)), and if the consumer does not accept the terms of the agreement, the consumer clicks the "refuse" button (or otherwise shows the desire to reject the agreement). At step 125, the system checks whether the consumer has indicated acceptance or rejection of the agreement. If the consumer indicated the rejection of the agreement, then at step 130, the system creates a no hash code (a hash code that indicates that the consumer has rejected the agreement). If the consumer has indicated acceptance of the agreement, then at step 135, the system creates a yes hash code (a hash code that indicates that the consumer has accepted (or confirmed) the agreement). Each hash code also contains other data, discussed below. Step (b) of FIG. 3.

If the consumer indicated acceptance and a yes hash code was created at step 135, or the consumer indicated a deviation and the no hash code was created at step 130, then at step 140 the consumer is redirected to the member’s website and the hash code generated at step 130 or 135, is sent to the member’s website.

At step 145, the member web site checks to see if a yes hash has been received from the system web site. If so, then at step 165, the member’s website is displayed in a form that requests the consumer’s personal information, and the consumer approves the requested information. At step 170, the member’s Web site receives and stores consumer information (see steps (c) and (f) in FIG. 3) and sends an encrypted copy of the consumer’s information to the system Web site along with the accepted yes hash code (see step (d) of FIG. 3). This information is stored in the system user data memory (see step (e) in FIG. 3).

If at step 145, the consumer website determines that the yes hash code has not been received, at step 150, the consumer web site checks to see if the hash code is no. If the hash code “no” was accepted, then at step 155 the member’s website displays a page indicating to the consumer that permission to join cannot be given. If at step 150 the member’s website does not determine that the hash code “no” has been received, the consumer is redirected to the join page.

A preferred embodiment of the system Web server 10 of the Web site corresponds to an institution class Web server with an institution class database in order to support a Web application (e.g., Microsoft Internet Information Server (ICI) based on a Windows NT server). The server preferably has the same dual interface configured in a load balanced cluster. This ensures redundancy to provide support to participants and consumers.

When the consumer data is returned to the system Web server 10, the data is stored in the database 15. The hash code, last name and first name index the database 25. The preferred database is Oracle 81 or its functional equivalents. Oracle is a recognized leader in relational database systems and has specific solutions for Internet database applications. Database 25 preferably has at least the following six tables:

(1) Detailed data of the participant - this table contains the information of the participant. It is used to track participant details and billing information.

(2) Global privacy laws - this table contains privacy laws that are indexed by the country in which they are applied. The table is accessed whenever a policy notice is made.

(3) Global insurance rules - this table contains insurance rules that are agreed with each section.

(4) Global IP Register - This table is used to translate the consumer IP address to a location. This is useful when the system initially submits a notice of rules.

(5) Activity log - this table contains all activity events that occur in the application on the system’s Web site.

(6) Consumer confidentiality information - this table contains all consumer information that is transmitted from the member’s Web sites.

(7) A summary of the participant’s privacy rules.

Preferred system hardware includes: (1) dual web servers; (2) a database server; and (3) a tape drive for archiving. Preferred software contains: (1) Oracle 81; and (2) a web server application.

A preferred embodiment of the present invention comprises a GPNA (global policy notices) application to inform consumers that member organizations adhere to the country's widespread privacy laws protecting consumer personal information. A preferred embodiment of a rule notification system: (1) displays a notification of rules for a consumer in a plurality of languages supported by a member organization; (2) supported by insurance; (3) complies with the country's privacy laws, which are supported by rigorous audits and controls by lead auditors; (4) provides for prior notification of participants allowing them to delete the personal information of consumers from their data memory after the expiration of the term; (5) seeks the consent of the consumer with each relevant decision; and (6) provides functionality that allows the consumer to submit an application and to be processed by a third party research agency. See figure 4.

The participant must make minimal changes to integrate the system application into the participant’s Web site environment. The changes mainly include (1) the redirected URL from the user’s site’s user’s join page, and (2) HTTP - the request to send a duplicate form from the personal information page of the participant’s website. The server 25 of the participant’s site must also receive a hash code that is returned from the system Web server 10 and transfer this hash code back to the system Web server 10 with personal information that has been collected from the consumer.

The following is a list of functional elements contained in the software of the preferred embodiment of the system:

(1) an external interface that allows the system to remember and maintain participant information and which includes the following functionalities: (A) add participant data, preferably including the following elements:

Name Default country Organization Default language Address Default url City IP Pool State Volume Thresholds A country Revision period Postcode date of the application Contact name Current date E-mail address expiration date Phone Status

("volume thresholds" is the expected number of monthly views); (B) modify the participant details for the above items; (C) abolish the participant; (D) connect the auditor to the participant; abolish the participant; (E) change the auditor for the participant; (F) abolish the auditor for the participant; (G) connect the insurer to the participant; (H) change the insurer for the participant; (I) abolish the insurer for the participant; (J) add a member insurance policy, preferably including the following elements:

Insurance policy ID Review text Insurer ID Detailed text of the policy Country code Current date Language code expiration date Policy value Status

(K) amend member insurance policies for the above items; (L) abolish member insurance policies; (M) add privacy rules to the participant, preferably including the following elements:

Country code Duration Language code Current date Overview text of the rules expiration date Detailed rules text Status

(N) amend the member’s privacy rules for the above items; (O) abolish the confidentiality rules for the participant; (P) add language to the participant; (Q) abolish the language for the participant; (R) connect the level of membership in the system; (S) change the level of membership in the system; and (T) abolish the level of membership in the system.

(2) An external interface that allows the system to remember and maintain the information of the insurer, which includes the following functionalities: (A) add data to the insurer, preferably including the following elements:

Surname Contact Address E-mail address City Phone State Current date A country expiration date Postcode Status

(B) modify the data of the insurer for the above items; and (C) abolish the insurer.

(3) An interface that allows the system to remember and maintain auditor information, which includes the following functionality: (A) add auditor data, preferably including the following elements:

Surname Contact Address E-mail address City Phone State Current date A country expiration date Postcode Status

(B) change the auditor information for the above items; and (C) eliminate the auditor.

(4) An external interface that allows the system to remember and maintain organization information, which includes the following functionalities: (A) add organization data, preferably including the following elements:

Title Contact Address E-mail address City Phone State Current date A country expiration date Postcode Status

(B) change the organization details for the above items; and (C) abolish the organization.

(5) An external interface that allows the system to remember and maintain integrator information, which includes the following functionality: (A) add integrator data, preferably including the following elements:

Title Contact Address E-mail address City Phone State Current date A country expiration date Postcode Status

(B) modify the integrator data for the above elements; and (C) abolish the integrator.

(6) An external interface that allows the system to remember and maintain 3rd party claims processor information, which includes the following functionality: (A) add 3rd party claims processor data, preferably including the following elements:

Title Contact Address E-mail address City Phone State Current date A country expiration date Postcode Status

(B) modify 3rd party claims processor data for the above items; and (C) abolish the 3rd party claims processor.

(7) An external interface that allows the system to memorize and maintain language information, which includes the following functionalities: (A) add a language; and (B) abolish the language.

(8) An external interface that allows the system to memorize and maintain information on a page layout option for an interactive rules notification page, which includes the following functionalities: (A) add a page layout option for an interactive rules notification page; and (B) abolish the layout of the interactive rules notification page.

(9) An external interface that allows the system to remember and maintain alleged privacy laws applicable by governments.

The following is the sequence of steps involved in executing the method according to the preferred embodiment:

(10) Display the system page of the interactive notification of the rules with the information of the participant, information of the insurance policy, information of the rules of confidentiality, level of participation in the system and information of the auditor in the consumer language.

(11) Display the interactive rules notification system page for the selected country.

(12) Display the system page of the interactive rule notification in the selected language.

(13) Display participant insurance policy in more detail.

(14) Display the participant’s privacy rules in more detail.

(15) Transfer control back to the participant’s application if the consumer has accepted the terms of the system page of the interactive notification of the rules. Before transferring control back to generate an encrypted unique identification of the interactive rules notification page (hash code), preferably consisting of the following elements, when the consumer accepted the interactive rules notification system page:

Member Identification Date / Time Stamp Country identification End period Language identification Layout option Consumer IP Check sum

(16) Transfer control back to the participant’s application if the consumer (customer) has rejected the interactive rules notification system page.

(17) The participant’s application sends the consumer’s confidentiality information, consisting of the following, to the system: (A) key: unique ID for the interactive rules notification page (encrypted using the system key); (B) the data sought: (i) the user ID (encrypted using the system key); (ii) consumer's last name (encrypted using the system key); (iii) address bar (encrypted using the system key); (iv) country code (encrypted using the system key); (v) zip code (encrypted using the system key); and (vi) end date (encrypted using the system key); and (C) consumer personal information: consumer personal data (encrypted with a system key).

(18) Accept and remember in the system storage device the personal information of the consumer, consisting of the following: (A) key: unique page ID of the interactive notification of the rules (encrypted using the system key); (B) the data sought: (i) the user ID (encrypted using the system key); (ii) consumer's last name (encrypted using the system key); (iii) address bar (encrypted using the system key); (iv) country code (encrypted using the system key); (v) zip code (encrypted using the system key); and (vi) end date (encrypted using the system key); and (C) consumer personal information: consumer personal data (encrypted with a system key).

(19) Add consumer personal information consisting of the following comma-separated data elements when participants encounter problems interacting online with the system (the divided data is copied to the system information data archive): (A) key: unique page ID of the interactive notification about rules (encrypted using the system key); (B) the data sought: (i) the user ID (encrypted using the system key); (ii) consumer's last name (encrypted using the system key); (iii) address bar (encrypted using the system key); (iv) country code (encrypted using the system key); (v) zip code (encrypted using the system key); and (vi) end date (encrypted using the system key); and (C) consumer personal information: consumer personal data (encrypted with a system key).

(20) An external interface that allows the system to add data related to consumer incidents, preferably including the following elements: (A) surname of the initiator; (B) the address of the initiator; (C) ID of the country of the initiator; (D) zip code of the initiator; (E) initiator contact details; (F) the name of the incident; (G) line 1 of the incident address; (H) country code of the incident; (I) the zip code of the incident; (J) a participant in the incident; (K) the time frame of the incident; (L) type of incident; and (M) details of the incident.

In addition, an interactive rule notification system page is generated for the incident initiator. After accepting the interactive notification page about the rules, it is stored in the system memory of the consumer’s personal information - see (12) above.

(21) Provide supporting incident data to a third party claims processor, auditor, or consumer. Supporting data is preferably a combination of the following: (A) raw data from a privacy data storage device; and (B) a re-generated interactive rules notification page.

(22) An external interface that allows the system to update the solution of incidents recorded by the consumer, including the following elements: (A) the date of the decision; (B) the text of the decision; and (3) decision code.

(23) Notify participants of the expiration of the interactive rules notice pages;

(24) Process the attestation of the participant of the expired interactive rules notification page.

(25) Create a data sample of an interactive rule notification with the help of a participant for the relevant auditor. The data contains a list of active pages for interactive notification of rules, expired pages of interactive notification of rules, and both. The data may also refer to specific pages of the online rule notification.

(26) Archive the participant page data of the interactive policy notice.

(27) Verify the validity of the page data of the interactive rules notice participant regarding the following:

(A) a valid page ID of the interactive policy notice; (B) the uniqueness of the page ID of the interactive notice of the rules; (C) a valid participant ID; (D) the sequential time order of the participant ID date within the tolerance; (E) data received from participants within the boundary values of the volume; (F) a valid expiration date — a valid date — calculate the date and compare with the participant’s date; (G) filled in personal data and> numbers × bytes; (H) the required information is provided (consumer's last name, line 1 of the address, country code, zip code and expiration date).

(28) Generate statistics on the use of the amount of personal information of the consumer by date, participant, country and language.

(29) Accept and remember the statistics of the request page of the participant of the interactive notification of the rules for the participant from the cash payment device.

(30) Create consistency of the executed sample for execution on the participant’s website, which will check all system pages of the interactive notification of rules for the following and for reporting the following: (A) a valid page ID of the interactive notification of rules; (B) a unique interactive page notification ID for the rules;

(C) the expiration date of the interactive rules notification page is greater than the current date; and (D) a correctly calculated expiration date.

(31) Create consistency of the executed sample for execution on the participant’s website, which will process for the page IDs of the interactive notice of the rules. If the interactive rules notification page ID has expired and the interactive rules notification page exists in the member’s database, then an exception is thrown. If the interactive rules notification page ID is valid and the interactive rules notification page exists in the participant’s database, encrypt the participant’s personal data and compare it with the data in the consumer’s personal data storage device.

(32) Maintain and disseminate the content of the online policy notification page.

(33) Implement a communication tool for a third party that will generate a volume statistics message by date, participant, country, language.

(34) Provide an algorithm that will verify the authenticity of the logo of the interactive rules notification page when it is selected. Provide communication with the list of active participants in the system.

(35) Publish a system installation / integration document. This document includes the requirement that the participant will guarantee that the system page of the online notification of the rules is generated before the participant saves any personal data of the consumer.

The preferred implementation uses the UNIX operating system (OS) to run the GPNA. UNIX is a proven operating system used by many enterprise systems around the world.

Preferred hardware includes the following: (A) in each system server (on each Internet database connector): (i) the Sun Microsystems E-250 Workgroup Server for real-time database updates; (ii) the Sun Microsystems E-250 workgroup server for the Web logic application server; (iii) Sun Microsystems Ultra-60 workgroup server for cash services with maximum RAM, which is acceptable in the system configuration; (iv) 2 Ultra-60 Sun Microsystems workgroup servers for the outbound web server; and a tape recorder with automatic disk change for archiving and copying.

(B) In the system data center: (i) the server of the Ultra-60 Sun Microsystems working group for the distribution of content (network authentication and access protection system); (ii) the Sun Microsystems E-250 workgroup server for the Web logic application server for processing requirements and updating partner data; (iii) Sun-Microsystems Ultra-60 Workgroup Server for processing requirements and internal schedules; (iv) the Sun Microsystems E-250 workgroup database server for archiving and retrieving rule notification data and storing requirements and partner data updates; and (v) an automatic disk changer for archiving and copying.

Preferred software for implementing GPNA: (A) deployment environment: (i) application server (Web logic) with clustering software; (ii) relational database (Oracle); (iii) Inktomi information distributor; (iv) superfast logic package (J / SSL, Baltimore); (v) a certificate server with digital signature software; (vi) access protection system (checkpoint); (vii) host-based violation detection (intruder alert from Axent technology); (viii) Cash Services (Epic Realm); (ix) the organizing Resonate Dispatch program (global and central) for intelligent routing; and (x) a network authentication server for connecting between the content distributor and the cash service (Cisco secure access control server); and (B) development environment: (i) modeling tool (Rational Rose); (ii) a configuration management system (ClearCase); (iii) a testing tool (Silknet Sequi); (iv) IDE (Visual Café); (v) Web development tool (Dream Weaver); (vi) Java server pages and utilities; (vii) Web server (Netscape); (viii) Java 1.2 X and JSDK; (ix) Web logic application server; and DBMS (Intelligent Database Management System) Oracle.

On figa, figv and figs shows a diagram of the design classes for the preferred variant implementation. On figa and figv shows a design diagram of the database for the preferred variant implementation. The term “authorization” should be interpreted as a synonym for the concept of “notice of rules”.

Host system: Internet data centers located around the world for a regional application host system (Exodus Communications or Digital Island).

Network infrastructure: (A) a specialized connection from a distributor of content and a cash settlement service; and (B) a high-speed (T3) Internet connection to the system Web server.

Security

For the following problems, appropriate tools are preferred for implementing a secure solution for GPNA.

(1) To prevent the unauthorized use of the “credentials” of the notice of the rules: one of the most important goals of the system is to maintain the integrity of its member organizations subject to the periodic audit process. Only those participating organizations that go through a rigorous audit process are issued with policy notices. Consequently, there is a real possibility that some impostors could unlawfully claim membership in the system, plagiarize copies of the notice of rules (images), or otherwise mislead an unsuspecting consumer using a lot of fake "credentials."

Means: the image of the "credentials" of the notification about the rules of the participant is dynamic - preferably a small program (applet), the reliability of which can be verified on-line using GPNA. The system’s website also preferably maintains a list of modern participating organizations with their expiration dates.

(2) Protect sensitive information sent or received via the Internet: The Internet is a network of public computers and, as such, any communication through it is unreliable and prone to eavesdropping. Therefore, a secure way to exchange data is to deploy a secure private network between participants and the system. But the installation of such a network is unacceptably expensive and would be an obstacle to the entry of new participants into the system.

Means: each message is encrypted / decrypted using a solution based on a public key infrastructure (ICOP). Asymmetric key pairs of at least 128 bits are used for encryption / decryption. After encryption, the message is sent using the SSL protocol (secure socket levels) over the Internet. The SSL protocol initiates a two-way communication session with a greeting by exchanging encryption keys, while checking their digital certificates that contain the public key, domain name ("ID") of the user, publisher ID, serial number, validation period, digital signature and its "fingerprints" (hash value). In summary, this secure data exchange includes the following steps: (A) authentication of end systems (server, client); (B) distribution of encryption keys; and (C) encryption of data sent between applications.

(3) Maintain trace (track data) and audit trail: recent hacker attacks on popular Web sites pose a serious threat to the integrity of enterprise systems, especially at the B2B site. It is necessary to create a mechanism by which each transaction registered in the system could be tracked.

Means: the preferred system monitors data and records the audit for all fundamentally important transactions.

Although the embodiments depicted and described in the present description achieve the objectives of the invention, it is obvious that various alternatives, modifications and variations will be apparent to those skilled in the art in light of the previous description.

These alternatives, modifications, and variations are within the scope of the present invention and it should be borne in mind that the embodiments presented herein are for purposes of illustration only and not for purposes of limitation.

Claims (35)

1. A method of exchanging data to facilitate compliance with laws and regulations on data protection and confidentiality relating to individual privacy rights, which includes         sending from the system to the person’s computer a notice of the rules informing the person involved in the potential disclosure of his personal data to the server of a certain object that the object has verified its acceptance of the sanctioned rules of confidentiality and data protection, which are consistent with the relevant laws and regulations on data protection and confidentiality, including the use of personal data, at least in the host country of the person or facility; acceptance by the system from a person’s computer of a person’s consent to the acceptance by the server of the object or confirmation that the server of the object will receive and use his personal data in accordance with established rules or with relevant laws and standards for data protection and confidentiality, including the use of personal data, at least in the host country of the person or facility; the system transferring data to the server of the object indicating that the person is informed about the confidentiality rules for the object and in accordance with the acceptance by the server of the object or has confirmed that the server of the object will receive and use its personal data in accordance with established rules or relevant laws and regulations for data protection and confidentiality, including the use of personal data, at least in the host country of the person or object; reception by the system from the server of the object of the data containing personal data received by the server of the object from the computer of the person; the system saves the said personal data received from the server of the object and periodically checks by the system whether the object is consistent with the established rules or with the relevant laws and regulations on data protection and confidentiality, including the use of personal data, at least in the host country of the individual or object . 2. The method according to claim 1, further comprising the step of informing the person that the object is protected by insurance or an equivalent risk protection tool to protect against the risk of loss and damage to the person resulting from improper use or loss of personal data of the person by the object. 3. The method according to claim 1, wherein said data indicating that the person agrees to the server receiving the object or confirms that the server of the object will receive and use the personal data of the person, contain data that uniquely identifies detailed data related to the consent of the person. 4. The method according to claim 3, in which the aforementioned data indicating that the person agrees to receive the object by the server or confirms that the object server will receive and use the personal data of the person, and uniquely identifying detailed data related to the consent of the person, are compressed using a hash function. 5. The method according to claim 4, in which said data received from the server of the object containing personal data received by the server of the object on behalf of include data transmitted to the server of the object, uniquely identifying detailed data related to the consent of the person. 6. The method according to claim 1, performed with many objects and persons located in one country. 7. The method according to claim 1, performed with many objects and persons located in many countries. 8. The method according to claim 1, in which informing a person is carried out in the official language of the host country of that person. 9. The method according to claim 1, implemented as a multivariate program for certification of confidentiality rules, requiring participating entities to certify their agreement with the approved privacy standards for using personal data of individuals and providing such entities with a notification of the rules to confirm their acceptance by the program and membership in the program. 10. The method according to claim 9, in which the approved standards meet the standards required by the United States, the European Union, or other countries or regional organizations. 11. The method according to claim 9, further comprising the step of conducting audits or other evaluations performed for entities requesting or having membership in the certification program of confidentiality rules to ensure that the confidentiality rules of the facilities meet the standards approved and required by the program. 12. The method according to claim 11, further comprising the step of conducting random inspections or audits carried out with respect to the participating objects to verify the consistency of the objects with their approved privacy rules. 13. The method according to item 12, in which, after detecting a violation of the approved privacy rules of the object, a notification about this and a request for correction are provided to the object. 14. The method according to item 13, in which after the refusal of the object to accept the request to correct the notification of the rules of the object is canceled. 15. The method according to 14, in which, after continued misuse of the notification of rules by the entity, a coercive action is taken to terminate such use, and a notification thereof is provided to the appropriate regulatory authorities. 16. The method according to claim 1, in which the data received from the server of the object containing the stored personal data of the person includes a period of time of consent or confirmation of the person, the length of time during which the personal data of the person will be stored, and the choice to extend or update the consent or confirmation of the person, if necessary, and a notification about this is presented to the server of the object and to the person before the expiration of the agreement. 17. The method according to clause 16, in which the person is given the opportunity to delete personal data from the data memory of the object after the expiration of the agreement. 18. The method according to claim 2, in which, as prerequisites for membership in the certification program of confidentiality rules, the object is required to come to an agreement (a) regarding work with insurance service providers or equivalent risk guarantee instruments for resolving disputes with individuals and ( b) reimbursement of expenses of insurance service providers or equivalent risk guarantee instruments for presented claims paid to persons due to violations by the object of their rights to confidentiality. 19. The method according to claim 1, in which the steps of transmitting a notification of the rules, receiving consent or confirming a person, transmitting data to the server of the object and receiving data from the server of the object are performed via the Internet. 20. A data exchange system to facilitate compliance with laws and regulations on data protection and confidentiality relating to the privacy rights of individuals, containing system server for informing the computer of the person involved in the potential disclosure of his personal data to the server of an object that the object has verified its acceptance of the authorized privacy and data protection rules, which are consistent with relevant laws and standards for the protection of privacy data, including the use of personal data, at least least in the host country of the person or facility; receiving from a person’s computer the consent of the person to receive the object by the server or confirmation that the server of the object will receive and use its personal data in accordance with established rules or with relevant laws and standards for data protection and confidentiality, including the use of personal data, at least country of residence of the person or facility;  transmitting data to the server of the object indicating that the person is informed about the confidentiality rules for the object and in accordance with the reception of the object or has confirmed that the server of the object will receive and use its personal data in accordance with the established rules or with the relevant laws and standards for data protection and confidentiality, including the use of personal data, at least in the host country of the person or facility;  receiving data from the server of the object containing personal data received by the server of the object from the person’s computer, and periodically checking whether the object is consistent with the established rules or with the relevant laws and standards for data protection and confidentiality, including the use of personal data, at least in the country stay of a person or object; and a system database for storing said personal data received from the object’s server. 21. The system of claim 20, further comprising a means for informing the person that the object is protected by insurance or an equivalent risk protection tool, to protect against the risk of loss and damage to the person resulting from improper use or loss of personal data of the person by the object. 22. The system according to claim 20, in which the aforementioned data indicating that the person agrees to receive the object by the server or confirms that the object server will receive and use the personal data of the person, contain data that uniquely identifies detailed data related to the consent of the person. 23. The system of claim 22, wherein said data indicating that the person agrees to have received the object by the server or has confirmed that the server of the object will receive and use the personal data of the person, and uniquely identifying detailed data related to the consent of the person, are compressed using a hash function. 24. The system of claim 23, wherein said data received from the object server containing personal data received by the object server from the person’s computer includes data transmitted to the object server that uniquely identifies detailed data related to the person’s consent. 25. The system according to claim 20, in which informing a person is carried out in the official language of the host country of the person. 26. The system according to claim 20, containing a means for conducting a multi-purpose program for certification of confidentiality rules, requiring participating entities to certify their agreement with the approved confidentiality standards for the use of personal data of individuals, and a means for providing such facilities with a notification of the rules to confirm their acceptance by the program and membership in the program. 27. The system of claim 26, wherein the approved standards meet the standards required by the United States, the European Union, or other countries or regional organizations. 28. The system of Claim 26, further comprising a means for conducting audits or other evaluations performed for entities requesting or having membership in the certification program of confidentiality rules to ensure that the confidentiality rules of the facilities meet the standards approved and required by the program. 29. The system of claim 28, further comprising a means for conducting random inspections or audits performed on participating entities to verify the consistency of the entities with their approved privacy rules. 30. The system according to clause 29, further comprising a means for providing the object with a notification of a violation of the approved rules on the confidentiality of the object after detecting the violation and a means for providing the object with a request for correction. 31. The system of claim 30, further comprising a means for canceling a confidentiality notification of an object after the object has refused to accept the request for correction. 32. The system of clause 31, further comprising a means for providing, after any continued misuse, a notice of the rules by the entity, notifications of such misuse to the appropriate regulatory authorities, and enforcement actions to terminate such use. 33. The system according to claim 20, in which the data received from the object containing the stored personal data of the person includes the period of time of consent or confirmation of the person, the length of time during which the personal data of the person will be stored, and the choice to extend or update the consent or confirmation persons, if necessary, and a notification about this is presented to the object and the person before the expiration of the agreement. 34. The system of claim 33, further comprising a means for enabling a person to delete personal data from the object’s data memory after the expiration of the agreement. 35. The system according to claim 20, in which, as a preliminary requirement for membership in the certification program of confidentiality rules, the object is required to come to an agreement regarding (a) work with insurance service providers or equivalent risk guarantee instruments for resolving disputes with individuals and ( b) reimbursement of expenses of insurance service providers or equivalent risk guarantee instruments for presented claims paid to persons due to violations by the object of their rights to confidentiality.

Images